Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 2bc78049 authored by Patrick McHardy's avatar Patrick McHardy
Browse files

[NETFILTER]: nf_conntrack: add DCCP protocol support 



Add DCCP conntrack helper. Thanks to Gerrit Renker <gerrit@erg.abdn.ac.uk>
for review and testing.

Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
parent d63a6507

include/linux/netfilter/nf_conntrack_dccp.h

0 → 100644
+40 −0
Original line number Diff line number Diff line 
#ifndef _NF_CONNTRACK_DCCP_H

#define _NF_CONNTRACK_DCCP_H



/* Exposed to userspace over nfnetlink */

enum ct_dccp_states {

	CT_DCCP_NONE,

	CT_DCCP_REQUEST,

	CT_DCCP_RESPOND,

	CT_DCCP_PARTOPEN,

	CT_DCCP_OPEN,

	CT_DCCP_CLOSEREQ,

	CT_DCCP_CLOSING,

	CT_DCCP_TIMEWAIT,

	CT_DCCP_IGNORE,

	CT_DCCP_INVALID,

	__CT_DCCP_MAX

};

#define CT_DCCP_MAX		(__CT_DCCP_MAX - 1)



enum ct_dccp_roles {

	CT_DCCP_ROLE_CLIENT,

	CT_DCCP_ROLE_SERVER,

	__CT_DCCP_ROLE_MAX

};

#define CT_DCCP_ROLE_MAX	(__CT_DCCP_ROLE_MAX - 1)



#ifdef __KERNEL__

#include <net/netfilter/nf_conntrack_tuple.h>



struct nf_ct_dccp {

	u_int8_t	role[IP_CT_DIR_MAX];

	u_int8_t	state;

	u_int8_t	last_pkt;

	u_int8_t	last_dir;

	u_int64_t	handshake_seq;

};



#endif /* __KERNEL__ */



#endif /* _NF_CONNTRACK_DCCP_H */

include/linux/netfilter/nfnetlink_conntrack.h

+8 −0
Original line number Diff line number Diff line
@@ -80,6 +80,7 @@ enum ctattr_l4proto { 
enum ctattr_protoinfo {

	CTA_PROTOINFO_UNSPEC,

	CTA_PROTOINFO_TCP,

	CTA_PROTOINFO_DCCP,

	__CTA_PROTOINFO_MAX

};

#define CTA_PROTOINFO_MAX (__CTA_PROTOINFO_MAX - 1)
@@ -95,6 +96,13 @@ enum ctattr_protoinfo_tcp { 
};

#define CTA_PROTOINFO_TCP_MAX (__CTA_PROTOINFO_TCP_MAX - 1)



enum ctattr_protoinfo_dccp {

	CTA_PROTOINFO_DCCP_UNSPEC,

	CTA_PROTOINFO_DCCP_STATE,

	__CTA_PROTOINFO_DCCP_MAX,

};

#define CTA_PROTOINFO_DCCP_MAX (__CTA_PROTOINFO_DCCP_MAX - 1)



enum ctattr_counters {

	CTA_COUNTERS_UNSPEC,

	CTA_COUNTERS_PACKETS,		/* old 64bit counters */

include/net/netfilter/nf_conntrack.h

+2 −0
Original line number Diff line number Diff line
@@ -20,6 +20,7 @@ 
#include <asm/atomic.h>



#include <linux/netfilter/nf_conntrack_tcp.h>

#include <linux/netfilter/nf_conntrack_dccp.h>

#include <linux/netfilter/nf_conntrack_sctp.h>

#include <linux/netfilter/nf_conntrack_proto_gre.h>

#include <net/netfilter/ipv4/nf_conntrack_icmp.h>
@@ -30,6 +31,7 @@ 
/* per conntrack: protocol private data */

union nf_conntrack_proto {

	/* insert conntrack proto private data here */

	struct nf_ct_dccp dccp;

	struct ip_ct_sctp sctp;

	struct ip_ct_tcp tcp;

	struct ip_ct_icmp icmp;

include/net/netfilter/nf_conntrack_tuple.h

+6 −0
Original line number Diff line number Diff line
@@ -39,6 +39,9 @@ union nf_conntrack_man_proto 
	struct {

		__be16 id;

	} icmp;

	struct {

		__be16 port;

	} dccp;

	struct {

		__be16 port;

	} sctp;
@@ -77,6 +80,9 @@ struct nf_conntrack_tuple 
			struct {

				u_int8_t type, code;

			} icmp;

			struct {

				__be16 port;

			} dccp;

			struct {

				__be16 port;

			} sctp;

net/netfilter/Kconfig

+10 −0
Original line number Diff line number Diff line
@@ -86,6 +86,16 @@ config NF_CONNTRACK_EVENTS 


	  If unsure, say `N'.



config NF_CT_PROTO_DCCP

	tristate 'DCCP protocol connection tracking support (EXPERIMENTAL)'

	depends on EXPERIMENTAL && NF_CONNTRACK

	depends on NETFILTER_ADVANCED

	help

	  With this option enabled, the layer 3 independent connection

	  tracking code will be able to do state tracking on DCCP connections.



	  If unsure, say 'N'.



config NF_CT_PROTO_GRE

	tristate

	depends on NF_CONNTRACK